The simple but powerful elegance of Django REST Framework · Django REST Framework The simple but...

Django REST Framework

The simplebut powerfulelegance of

Morten Barklund

Full-stackFreelancer

Rookie Pythonista Decent Djangoneer

Table of

Contents

01 Django RESTFramework

02 Permissions

03 Examples

04 More

Django REST Framework• JSON-based REST

• Heavily ORM-backed serialization

• Authentication

• Validation

from django.contrib.auth.models import Userfrom rest_framework import serializers

class UserSerializer(serializers.ModelSerializer): class Meta: model = User fields = ('username', 'email', )

from django.contrib.auth.models import Userfrom rest_framework import viewsetsfrom .serializers import UserSerializer

class UserViewSet(viewsets.ModelViewSet): queryset = User.objects.all() serializer_class = UserSerializer

from django.conf.urls import url, includefrom rest_framework import routersfrom . import views

router = routers.DefaultRouter()router.register(r'users', views.UserViewSet)

urlpatterns = [ url(r'^', include(router.urls)), url(r'^api-auth/', include(‘rest_framework.urls', namespace='rest_framework'))]

INSTALLED_APPS = ( ... 'rest_framework',)

REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.AllowAny', )}

GET /users/POST /users/GET /users/<pk>/PUT /users/<pk>/PATCH /users/<pk>/DELETE /users/<pk>/

Permissions

• Who can do what

• Object collections

• Individual objects

next11

class Book(models.Model): author = models.ForeignKey('User') title = models.TextField()

class BookSerializer(serializers.ModelSerializer): class Meta: model = Book fields = ('author', 'title', )

class BookViewSet(viewsets.ModelViewSet): queryset = Book.objects.all() serializer_class = BookSerializer

router = routers.DefaultRouter()router.register(r'books', BookViewSet)

next12

INSTALLED_APPS = ( ... 'dry_rest_permissions',)

next13

from dry_rest_permissions.generics import DRYPermissions

class BookViewSet(viewsets.ModelViewSet): permission_classes = (DRYPermissions,) queryset = Book.objects.all() serializer_class = BookSerializer

next14

class Book(models.Model): author = models.ForeignKey('User') ...

@staticmethod def has_read_permission(request): return True

@staticmethod def has_write_permission(request): return False

@staticmethod @authenticated_users def has_create_permission(request): return True

next15

class Book(models.Model): ...

@staticmethod @authenticated_users def has_write_permission(request): return True

def has_object_write_permission(self, request): return request.user == self.author

next16

class Book(models.Model): ...

@allow_staff_or_superuser def has_object_delete_permission(self, request): return request.user == self.author

Examples

next18

class Group(models.Model): name = models.CharField(max_length=128) is_public = models.BooleanField(default=True) members = models.ManyToManyField(“User", through='Membership')

class Membership(models.Model): user = models.ForeignKey("User") group = models.ForeignKey(Group) is_admin = models.BooleanField(default=False)

next19

class GroupSerializer(serializers.ModelSerializer): class Meta: model = 'group' fields = ('name', 'members', )

class GroupViewSet(viewsets.ModelViewSet): permission_classes = (DRYPermissions,) queryset = Group.objects.all() serializer_class = GroupSerializer

router = routers.DefaultRouter()router.register(r'groups', GroupViewSet)

next20

class Group(models.Model): ...

@authenticated_users def has_object_read_permission(self, request): return self.is_public or self.members.filter(pk=request.user.pk).exists()

next21

class Group(models.Model): ...

@authenticated_users def has_object_read_permission(self, request): return self.is_public or self.members.filter(pk=request.user.pk).exists()

def has_object_write_permission(self, request): return self.membership_set \ .get(user=request.user).is_admin

next22

class Message(models.Model): group = models.ForeignKey(Group) author = models.ForeignKey("User") body = models.TextField()

next23

def has_object_read_permission(self, request): return self.group.has_object_read_permission(request)

next24

def has_object_write_permission(self, request): return self.author == request.user

next25

def has_object_write_permission(self, request): return self.author == request.user

def has_object_delete_permission(self, request): return self.author == request.user or self.group.has_object_write_permission(request)

next26

class Comment(models.Model): message = models.ForeignKey(Message) commenter = models.ForeignKey("User") reply = models.TextField()

next27

def has_object_read_permission(self, request): return self.message \ .has_object_read_permission(request)

next28

def has_object_write_permission(self, request): return self.commenter == request.user

next29

def has_object_write_permission(self, request): return self.commenter == request.user

def has_object_delete_permission(self, request): return self.commenter == request.user or self.message.has_object_delete_permission(request)

• Read the docs

Thank You

Presenter: Morten Barklund@barklund?

The simple but powerful elegance of Django REST Framework · Django REST Framework The simple but...

Documents

Transcript of The simple but powerful elegance of Django REST Framework · Django REST Framework The simple but...

Django Rest Angular Guide

Building Modern APIs Django 2 - PyConpycon.pk/static/media/uploads/presentations/pycon_pakistan_-_introduction_to_django...Create models using Django Build API using Django REST Add

Django + WordPress.com REST API = Profit

Django Rest Framework and React and Redux, Oh My!

REST APIs com Django

Modern Websites with Django and React - PyYYC...Modern Websites with Django and React Andrew Neitsch 2016-08-23 Introduction 1. Django tutorial 2. JSON APIs with Django REST framework

django-rest-framework-datatables Documentation › pdf › django-rest-framework...But django-rest-framework-datatables can do much more ! As you will learn in the tutorial, it speaks

Introduction to Django REST Framework, an easy way to build REST framework in Django

django-rest-swagger Documentation...django-rest-swagger Documentation, Release 0.3.8 1.1api_version version of your api. Defaults to ’’ 1.2api_path path to your api. url protocol

Building REST APIs with Django

MODULES AND EXAMPLE WORKFLOWS€¦ · Django Web Framework (Python) • Django REST Framework (Python) • PostgreSQL (Database) • Memcached (Caching) • jQuery & jQuery UI (Javascript)

Django Rest Framework - Tips & Tricks - Pycon Italia · PDF fileclda.co/pycon8-drf Introduction Django REST framework is a powerful and ﬂexible toolkit for building Web APIs. What

Elegance · Elegance ... Elegance

Saas rad with django, django rest framework

Razvoj spletne aplikacije za upravljanje odnosov s ... · DRF django REST framework django REST ogrodje DRY don’t repeat yourself ne ponavljaj se ORM object-relational mapping objektno-relacijsko

Django rest framework

Full-stack web development using Django REST framework and ...

Django Learn the Basics - it.iitb.ac.in · Advance Concepts Django Rest API Built in features ORM Built in Authentication System Template engine Form processing Web server for development

API Providers Guide - API Deployment › kinlane-productions › ... · Django REST framework is a lightweight REST framework for Django, that aims to make it easy to build wellconnected,

Building an API with Django and Django REST Framework